From 150c33e81991733010f3d711b6a5b4ebfff6eb0a Mon Sep 17 00:00:00 2001 From: Anurag Date: Mon, 6 Mar 2023 23:08:32 +0530 Subject: [PATCH] add kubearmor projects for gsoc 2023 Signed-off-by: Anurag --- summerofcode/2023.md | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/summerofcode/2023.md b/summerofcode/2023.md index ef82a159..1964a027 100644 --- a/summerofcode/2023.md +++ b/summerofcode/2023.md @@ -53,6 +53,9 @@ If you are a project maintainer and consider mentoring during the GSoC 2023 cycl + [Dataplane migration for Apache Kafka communications: From Vert.x to Project Loom](#dataplane-migration-for-apache-kafka-communications--from-vertx-to-project-loom) + [Porting Knative Serving to Microshift](#porting-knative-serving-to-microshift) + [Self-Balancing Knative Kafka Broker partitions](#self-balancing-knative-kafka-broker-partitions) + * [Kubearmor](#kubearmor) + + [GitHub Action for Kubearmor](#github-action-for-kubearmor) + + [Store Kubearmor policies in OCI registry](#store-kubearmor-policies-in-oci-registry) * [Kubebuilder](#kubebuilder) + [Helper to upgrade the projects](#helper-to-upgrade-the-projects) * [KubeVela](#kubevela) 
@@ -319,6 +322,29 @@ This project lends itself to GSoC due to the modular nature of the tasks which a - Difficulty: Hard - Upstream Issue (URL): https://github.com/knative-sandbox/eventing-kafka-broker/issues/2917 +### Kubearmor + +#### GitHub Actions for KubeArmor + +- Description: Build a GitHub action to allow the usage of KubeArmor in the CI. KubeArmor should be able to identify change in the application posture early in the dev life cycle. If the app changes results in new app behavior such as new process invocation or new file system access or new network connections, then the same has to be highlighted early in the application life cycle so that the security posture changes can be handled accordingly. +- Expected outcome: [`karmor summary`](https://github.com/kubearmor/kubearmor-client/) provides a way to verify the [application behavior](https://github.com/kubearmor/KubeArmor/blob/main/getting-started/workload_visibility.md). The aim here would be to baseline the application behavior and check for any deviation during subsequent application updates. It then should look for any potential security gaps and recommend policies leveraging based on that. +The action should be able to generate a summary using baseline benchmark and then show the application based changes in the graphical mode. +- Mentor(s): Ankur Kothiwal(Ankurk99, ankur DOT kothiwal99 AT gmail DOT com), Anurag Kumar(kranurag7, contact DOT anurag7 AT gmail DOT com), Barun Acharya(daemon1024, barun1024 AT gmail DOT com) +- Expected project size: 175 Hours +- Recommended Skills: Kubernetes, GitHub Actions +- Difficulty: Medium +- Upstream Issue (URL): https://github.com/kubearmor/KubeArmor/issues/1128 + +#### Store Kubearmor policies in OCI registry + +- Description: Store kubearmor policies & host policies in OCI registry. This project also aims to publish kubearmor policies on [Artifact Hub](https://artifacthub.io/). 
+- Expected outcome: The contributor is expected to create subcommand for `karmor` to interact with OCI registries for pushing, pulling and verifying policies. +- Mentor(s): Ankur Kothiwal(Ankurk99, ankur DOT kothiwal99 AT gmail DOT com), Anurag Kumar(kranurag7, contact DOT anurag7 AT gmail DOT com), Barun Acharya(daemon1024, barun1024 AT gmail DOT com) +- Expected project size: 175 Hours +- Recommended Skills: Go, Containers +- Difficulty: Medium +- Upstream Issue (URL): https://github.com/kubearmor/KubeArmor/issues/1130 + ### Kubebuilder #### Helper to upgrade the projects
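Review bot: In the first hunk (table of contents), the new entry `[GitHub Action for Kubearmor](#github-action-for-kubearmor)` will not resolve, because the heading added in the second hunk is `#### GitHub Actions for KubeArmor` (plural), which generates the anchor `#github-actions-for-kubearmor`. Pick one form and use it in both places. The casing also differs between "Kubearmor" in the TOC and "KubeArmor" in that heading; the project's own links in this patch spell it KubeArmor.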
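Review bot: In the second hunk, under "Store Kubearmor policies in OCI registry", the expected outcome lists "pushing, pulling and verifying policies" without saying what verification means. Since this is the security-relevant part of the project, state what is checked (for example a signature on the policy artifact, or only its digest) and at what point in the pull it happens, so applicants can scope it. Two smaller points in the same hunk: "recommend policies leveraging based on that" in the GitHub Actions expected outcome reads as an unfinished sentence, and the line starting "The action should be able to generate a summary" sits outside the bullet's indentation, so indent it or fold it into the "Expected outcome" item. The spelling also alternates between "Kubearmor", "kubearmor" and "KubeArmor" across the added headings and descriptions.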